mirror of
https://github.com/pgpainless/pgpainless.git
synced 2025-01-08 19:27:57 +01:00
Integrate WoT by adding EncryptionOptions.addAuthenticatableRecipients() method
This commit is contained in:
parent
9d93c0f5ae
commit
bf9bf94fb0
2 changed files with 45 additions and 0 deletions
|
@ -8,6 +8,7 @@ import org.pgpainless.key.OpenPgpFingerprint;
|
|||
|
||||
import javax.annotation.Nonnull;
|
||||
import java.util.Date;
|
||||
import java.util.List;
|
||||
|
||||
public interface CertificateAuthority {
|
||||
|
||||
|
@ -30,4 +31,20 @@ public interface CertificateAuthority {
|
|||
boolean email,
|
||||
@Nonnull Date referenceTime,
|
||||
int targetAmount);
|
||||
|
||||
/**
|
||||
* Identify certificates, which carry a trustworthy binding to the given userId.
|
||||
*
|
||||
* @param userId userId
|
||||
* @param email if true, the user-ID will be treated as an email address and all user-IDs containing
|
||||
* the email address will be matched.
|
||||
* @param referenceTime reference time at which the binding shall be evaluated
|
||||
* @param targetAmount target trust amount (120 = fully authenticated, 240 = doubly authenticated,
|
||||
* 60 = partially authenticated...)
|
||||
* @return list of identified bindings
|
||||
*/
|
||||
List<CertificateAuthenticity> identify(@Nonnull String userId,
|
||||
boolean email,
|
||||
@Nonnull Date referenceTime,
|
||||
int targetAmount);
|
||||
}
|
||||
|
|
|
@ -23,6 +23,8 @@ import org.bouncycastle.openpgp.operator.PGPKeyEncryptionMethodGenerator;
|
|||
import org.bouncycastle.openpgp.operator.PublicKeyKeyEncryptionMethodGenerator;
|
||||
import org.pgpainless.algorithm.EncryptionPurpose;
|
||||
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
|
||||
import org.pgpainless.authentication.CertificateAuthenticity;
|
||||
import org.pgpainless.authentication.CertificateAuthority;
|
||||
import org.pgpainless.exception.KeyException;
|
||||
import org.pgpainless.implementation.ImplementationFactory;
|
||||
import org.pgpainless.key.OpenPgpFingerprint;
|
||||
|
@ -113,6 +115,32 @@ public class EncryptionOptions {
|
|||
return new EncryptionOptions(EncryptionPurpose.STORAGE);
|
||||
}
|
||||
|
||||
/**
|
||||
* Identify authenticatable certificates for the given user-ID by querying the {@link CertificateAuthority} for
|
||||
* identifiable bindings.
|
||||
* Add all acceptable bindings, whose trust amount is larger or equal to the target amount to the list of recipients.
|
||||
* @param userId userId
|
||||
* @param email if true, treat the user-ID as an email address and match all user-IDs containing the mail address
|
||||
* @param authority certificate authority
|
||||
* @param targetAmount target amount (120 = fully authenticated, 240 = doubly authenticated,
|
||||
* 60 = partially authenticated...)
|
||||
* @return encryption options
|
||||
*/
|
||||
public EncryptionOptions addAuthenticatableRecipients(String userId, boolean email, CertificateAuthority authority, int targetAmount) {
|
||||
List<CertificateAuthenticity> identifiedCertificates = authority.identify(userId, email, new Date(), targetAmount);
|
||||
boolean foundAcceptable = false;
|
||||
for (CertificateAuthenticity candidate : identifiedCertificates) {
|
||||
if (candidate.isAuthenticated()) {
|
||||
addRecipient(candidate.getCertificate());
|
||||
foundAcceptable = true;
|
||||
}
|
||||
}
|
||||
if (!foundAcceptable) {
|
||||
throw new IllegalArgumentException("Could not identify any trust-worthy certificates for '" + userId + "' and target trust amount " + targetAmount);
|
||||
}
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Add all key rings in the provided {@link Iterable} (e.g. {@link PGPPublicKeyRingCollection}) as recipients.
|
||||
*
|
||||
|
|
Loading…
Reference in a new issue